Email security, Threat Intelligence, Phishing, Malware

India targeted by new Transparent Tribe attack campaign


The Pakistan-linked threat group Transparent Tribe, also known as APT36, has targeted Linux-based systems at Indian government organizations with the new DeskRAT malware in a cyberespionage campaign that began in June, Infosecurity Magazine reports.

The attacks, primarily aimed at systems running the Bharat Operating System Solutions Linux distribution, used phishing emails carrying malicious ZIP archives, according to Sekoia.io researchers. The ZIP files are hosted on a dedicated staging server; opening one triggers a Bash command sequence that executes a binary payload, then displays a decoy PDF on Indian defense matters and launches DeskRAT.

Besides using WebSocket for command-and-control communications and remotely uploading and executing files, DeskRAT steals sensitive files smaller than 100 MB and uses several Linux-specific persistence methods, the report said, noting that the payload also contains code that may have been generated with large language models.
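As an added defender-side illustration (not code from Sekoia.io or from this article), the following heuristic scans process telemetry for the payload-then-decoy sequence described above: a shell that spawns a binary from a user-writable path and, shortly afterwards, a PDF viewer. The event format, paths and PIDs are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class ProcEvent:
    ts: float       # event time, seconds
    pid: int
    ppid: int
    exe: str        # resolved executable path
    cmdline: str

SHELLS = {"/bin/bash", "/bin/sh", "/usr/bin/bash"}
PDF_VIEWERS = {"/usr/bin/xdg-open", "/usr/bin/evince", "/usr/bin/okular"}
USER_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")

def from_user_writable(path: str) -> bool:
    """Binaries dropped by an archive land in user-writable locations, not system bin dirs."""
    return path.startswith(USER_WRITABLE)

def find_decoy_chains(events, window=30.0):
    """Return (shell_pid, payload_exe, decoy_cmdline) for every shell that spawns a
    binary from a user-writable path and, within `window` seconds afterwards, a PDF
    viewer opening a .pdf: the payload-then-decoy sequence described in the report."""
    children = {}
    for ev in events:
        children.setdefault(ev.ppid, []).append(ev)
    hits = []
    for shell in (e for e in events if e.exe in SHELLS):
        kids = children.get(shell.pid, [])
        payloads = [k for k in kids if from_user_writable(k.exe)]
        decoys = [k for k in kids if k.exe in PDF_VIEWERS and ".pdf" in k.cmdline.lower()]
        for p in payloads:
            for d in decoys:
                if 0 <= d.ts - p.ts <= window:   # payload runs before the decoy is shown
                    hits.append((shell.pid, p.exe, d.cmdline))
    return hits

# Constructed sample telemetry (not from the campaign): one decoy chain, two benign events.
SAMPLE_EVENTS = [
    ProcEvent(100.0, 200, 150, "/bin/bash", "bash -c ./run.sh"),
    ProcEvent(100.5, 201, 200, "/tmp/.extract/svc", "/tmp/.extract/svc"),
    ProcEvent(101.0, 202, 200, "/usr/bin/xdg-open", "xdg-open /tmp/.extract/Briefing.pdf"),
    ProcEvent(200.0, 300, 150, "/bin/bash", "bash"),
    ProcEvent(200.2, 301, 300, "/usr/bin/ls", "ls -la"),
    ProcEvent(300.0, 400, 1, "/usr/bin/evince", "evince /home/user/Docs/report.pdf"),
]

if __name__ == "__main__":
    for shell_pid, payload, decoy in find_decoy_chains(SAMPLE_EVENTS):
        print(f"shell {shell_pid}: payload {payload} followed by decoy '{decoy}'")
```

A real deployment would read these events from auditd or an EDR feed; the heuristic is deliberately narrow, so tune the path list and window to the environment.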

"...[T]he widespread use of LLMs by attackers compresses malware development cycles, such as RATs and C2, creating a time imbalance where attackers can deploy faster than researchers can manually reverse and detect," researchers added.
